IamPolicySearchResult(mapping=None, *, ignore_unknown_fields=False, **kwargs)The result for a IAM Policy search. .. attribute:: resource
The full resource
name <https://cloud.google.com/apis/design/resource_names#full_resource_name>__
of the resource associated with this IAM policy.
:type: str
Attributes
| Name | Description |
project |
str
The project that the associated GCP resource belongs to, in the form of projects/{project_number}. If an IAM policy
is set on a resource (like VM instance, Cloud Storage
bucket), the project field will indicate the project that
contains the resource. If an IAM policy is set on a folder
or orgnization, the project field will be empty.
|
policy |
google.iam.v1.policy_pb2.Policy
The IAM policy directly set on the given resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don't contain a constrain on policies (e.g. an empty query), this contains all the bindings. |
explanation |
google.cloud.asset_v1p1beta1.types.IamPolicySearchResult.Explanation
Explanation about the IAM policy search result. It contains additional information to explain why the search result matches the query. |
Classes
Explanation
Explanation(mapping=None, *, ignore_unknown_fields=False, **kwargs)Explanation about the IAM policy search result. .. attribute:: matched_permissions
The map from roles to their included permission matching the
permission query (e.g. containing
policy.role.permissions:). A sample role string:
"roles/compute.instanceAdmin". The roles can also be found
in the returned policy bindings. Note that the map is
populated only if requesting with a permission query.
:type: Sequence[google.cloud.asset_v1p1beta1.types.IamPolicySearchResult.Explanation.MatchedPermissionsEntry]